PPTP-based Remote Site Connection
Applies To: Windows Server 2008, Windows Server 2008 R2
The Chicago branch office is a PPTP-based branch office that uses a router running Windows Server 2008 R2 to create a persistent, router-to-router VPN connection with the corporate office router in New York. The connection is never terminated even when idle.
To deploy a PPTP, two-way initiated, persistent, router-to-router VPN connection to the corporate office based on the settings configured in Common Configuration for the VPN Server and Remote Site Connection and Static Routed IP Network Example, the following settings are configured on the VPN server and Chicago router.
VPN server configuration
The VPN server is configured with a demand-dial interface and a static route.
Demand-dial interface for router-to-router VPN connection
To connect the corporate office VPN server to the Chicago router by using a router-to-router VPN connection over the Internet, a demand-dial interface is created on the corporate office VPN server by using the Demand-Dial Interface Wizard with the following settings:
Interface name: VPN_Chicago
Connection type: Connect using virtual private networking (VPN)
VPN type: Point to Point Tunneling Protocol (PPTP)
Destination address: 131.107.0.1
Protocols and security: Route IP packets on this interface
Static routes for remote networks (all locations on the Chicago network):
Interface: VPN_Chicago
Destination: 192.168.9.0
Network mask: 255.255.255.0
Metric: 1
Dial-out credentials:
User name: VPN_CorpHQ
Domain: fabrikam.com
Password: o3\Dn6@`-J4
After the demand-dial interface is created, on the Options tab, under Connection type, the Persistent connection option is selected. To obtain properties of a demand-dial interface, click Network Interfaces, right-click the demand-dial interface, and then click Properties.
Chicago router configuration
The Chicago router is configured with a demand-dial interface and a static route.
Demand-dial interface for router-to-router VPN connection
To connect the Chicago office router to the corporate office router by using a router-to-router VPN connection over the Internet, a demand-dial interface is created on the Chicago office router by using the Demand-Dial Interface Wizard with the following settings:
Interface name: VPN_CorpHQ
Connection type: Connect using virtual private networking (VPN)
VPN type: Point to Point Tunneling Protocol (PPTP)
Destination address: 207.209.68.1
Protocols and security: Route IP packets on this interface
Static routes for remote networks (VPN server only):
Interface: The WAN adapter attached to the Internet
Destination: 207.209.68.1
Network mask: 255.255.255.255
Gateway: 0.0.0.0
Metric: 1
Note
Because the WAN adapter creates a point-to-point connection to the ISP, any address can be entered for the gateway. The gateway address of 0.0.0.0 is an example.
Static routes for corporate intranet and branch offices (all locations on the corporate intranet):
Interface: VPN_CorpHQ
Destination: 172.16.0.0
Network mask: 255.240.0.0
Metric: 1
Static routes for remote networks (all branch office locations):
Interface: VPN_CorpHQ
Destination: 192.168.0.0
Network mask: 255.255.0.0
Metric: 1
Dial-out credentials:
User name: VPN_Chicago
Domain: fabrikam.com
Password: U9!j5dP(%q1
After the demand-dial interface is created, on the Options tab, under Connection type, the Persistent connection option is selected.